VPN Zyxel USG 40W cannot set up

Iraklizh Posts: 11  Freshman Member
edited April 2021 in Security

Good day. Please help me to resolve an issue with the USG 40W.

I have network 192.168.1.0/24 on the Zyxel, where 1.100 is the Domain Controller and 192.168.1.200 is the application server. On the WAN interface I have a public IP address. I need to connect from outside via VPN to the internal network to make an RDP connection to the application server.

The remote network also has a public IP, given by the ISP. The remote router made an internal network for users by DHCP and also gave the same class and IP as the Zyxel (192.168.1.0/24).

From this remote network I want to configure good and secure VPN access to the Zyxel on a notebook, but without the Zyxel VPN client. Which solution can I choose? And I need help with the Zyxel, because I saw many articles where they wrote that I must change the incoming VPN IP addressing. What I did before: I connected to the Zyxel via VPN; I connected and authorized, but cannot use the Zyxel's internal network resources (I cannot ping the internal server, cannot connect to it by RDP). I can't understand what I did wrong. Please help.

All Replies

  • Iraklizh
    Iraklizh Posts: 11  Freshman Member

    And what I cannot understand... actually our home ISP providers (both of them) made home routers to accept client DHCP like 192.168.1.0 or 192.168.0.1 networks for clients... Must I change their internal addressing at home to connect to the Zyxel VPN subnet, where I use the same addressing (for example 192.168.1.0/24)? Still cannot understand why???

  • Iraklizh
    Iraklizh Posts: 11  Freshman Member

    Also, do I need to switch on the GRE protocol (I mean enable the checkbox)?

  • jasailafan
    jasailafan Posts: 193  Master Member

    Is there already a site to site vpn tunnel between usg40w and the remote router?

    If two sites are independent sites without site to site vpn, you don't have to change the internal subnet of each site.

    To connect to usg40w from the remote router via vpn client, try to set up L2TP VPN on usg40w. 

    L2TP and IPsec is supported for native Windows OS. 

    On usg40w, use VPN setup wizard to finish L2TP setting step by step. 

    Assign an IP address pool for L2TP VPN users. Remember that the IP address pool for L2TP VPN users cannot conflict with any subnet of usg40w and the remote router.

    Here are some useful examples.

    https://businessforum.zyxel.com/discussion/618/how-to-use-the-vpn-setup-wizard-to-create-a-l2tp-vpn-on-the-zywall-usg  

    https://businessforum.zyxel.com/discussion/456/how-do-you-configure-l2tp-vpn-between-zywall-and-a-windows-7-laptop

  • Iraklizh
    Iraklizh Posts: 11  Freshman Member

    Actually the USG 40W is the office network, and the remote routers (I mean when users from the office are at home and via VPN they only need to connect to the internal network and use RDP; at the same time they can use their own internet at home as they want). For me it is not necessary to use office rules when they browse the internet at home. But if they need to connect to the VPN, they connect in a simple and secure manner.

  • Iraklizh
    Iraklizh Posts: 11  Freshman Member
    edited December 2019

    "Remember that ip address pool for L2TP VPN users can not conflict with any subnet of usg40w and the remote router": this I didn't understand. I have a subnet (192.168.1.0/24 at the office); if I use a different subnet to connect VPN clients, how do they connect to the terminal server at the target subnet 192.168.1.0/24?

    I did many configurations before where RRAS on Windows Server accepted PPTP VPN users with a pool from the same subnet. The addresses were just excluded from the server's DHCP. But here I completely misunderstand the logic. And the examples and manual are not clear to me.
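
The pool rule from jasailafan's reply and the follow-up question about reaching 192.168.1.200, worked through as an added example (not written by any poster in the thread and not Zyxel's code). The candidate pools, interface names, metrics and the client route table are constructed, and the table assumes the VPN client sends its default route through the tunnel.

```python
import ipaddress

# Subnets taken from the thread: office LAN behind the usg40w and a home LAN.
SUBNETS = {
    "office LAN (usg40w)": "192.168.1.0/24",
    "home LAN (remote router)": "192.168.1.0/24",
}

def pool_conflicts(pool, subnets=SUBNETS):
    """Names of subnets that overlap the candidate L2TP client pool."""
    pool_net = ipaddress.ip_network(pool)
    return [name for name, cidr in subnets.items()
            if pool_net.overlaps(ipaddress.ip_network(cidr))]

def client_routes(home_lan, pool):
    """Constructed route table of a laptop with the tunnel up.
    Assumption: the VPN client sends its default route through the tunnel."""
    return [
        ("0.0.0.0/0", "tunnel", 10),
        (home_lan, "home-lan", 20),   # on-link route of the home network
        (pool, "tunnel", 10),         # addresses handed out by the usg40w
    ]

def pick_route(dst, routes):
    """Longest-prefix match; ties go to the lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(cidr), iface, metric)
               for cidr, iface, metric in routes
               if addr in ipaddress.ip_network(cidr)]
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]

if __name__ == "__main__":
    for pool in ("192.168.1.128/25", "10.10.10.0/24"):   # constructed pools
        print(pool, "conflicts with:", pool_conflicts(pool) or "nothing")
    app_server = "192.168.1.200"                          # from the thread
    for home in ("192.168.1.0/24", "192.168.0.0/24"):
        routes = client_routes(home, "10.10.10.0/24")
        print("home LAN", home, "->", app_server,
              "leaves via", pick_route(app_server, routes))
```

A pool on its own subnet still reaches 192.168.1.200 because the gateway forwards between the pool and its LAN, as any router does between two connected networks. The route lookup shows the laptop side: traffic for the application server only enters the tunnel when the home LAN's own on-link route does not already cover that address.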
